Starting from 4.0 version, SippySoft implemented a new feature "IP Firewall" that you may find in the "Tools" section of a main menu.

New firewall configuration menu has been added to limit access to SIP/Web/DB based on the IP address.


Example of a default page:

Rules with IP addresses 0.0.0.0 and net-mask 0.0.0.0 mean ANY IP/ANY Subnet. And on a screenshot you see that by default (after the actual system provisioning) SIP/web access is not restricted (means that you may get the web/sip access from any IP). Please note, it doesn't mean that any suspicious IP may login to your web interface bypassing the login credentials. It means that the login page would be visible for anyone who knows  your IP address. The same approach for all other types of rules.


If a switch operator wants to restrict access e.g for the Web interface globally (for every entity in the system), he needs to add at first the list of trusted IP's with the Rule = allow and only then Deny access for the global rule with IP address 0.0.0.0 (means block for all IP's except the list of IPs that were added higher than a global rule with Denied access).


See example for the Web type:

Another possible approach (less secure) for a switch operator, to block only the list of suspicious/fraud IPs only. In such a case we are leaving the default rule with IP address 0.0.0.0 & netmask 0.0.0.0 in the allowed state and adding the fraud IP with a Deny rule.


See example for the Web type:


The same approach works for all other types of rules (SIP/DB/SSH).


Warning: For your security please review your Firewall Rules and create rules to allow or deny access to your SoftSwitch. For some suggestions visit our support documentation here.


The warring message has been developed to inform a switch operator that some of the default rules with IP address 0.0.0.0 and netmask 0.0.0.0 is in the allowed state and may lead to a potential security issue.

So to resolve this issue there are two scenarios:

1) Add the list of trusted IPs with a rule = allow for all types of services and then block the default rules with IP addresses 0.0.0.0 and netmask 0.0.0.0 (that means block access for all IP's except the allowed list of IP's)

2) Upload/generate a valid SSL certificate using the following documentations:

2) Just uncheck the security alerts in "Security Alerts" section.




Other related/useful documentations: